In late 2022, Tidelift fielded its second survey of open source maintainers. Hundreds of maintainers responded with thoughts about getting paid for their work, the security and maintenance practices they have in place for their projects, and where they need help most, along with a host of other interesting insights. In this post, we share the second of eleven key findings. If you don’t want to wait for the rest of the results, you can download the full survey report right now.
In one of our previous surveys, we learned that open source has in many ways become the modern software development platform, with over 90% of applications using open source. We’ve seen several other surveys over the past few years that have reached similar conclusions.
Since we rely so heavily on open source software, we also rely on the often-unpaid open source maintainers behind these packages to keep them secure and well maintained.
Over the past few years, there have been many government and industry efforts to improve security practices in open source, although most of them have been more focused on what needs to be done than who is going to do the work. As these efforts to improve cybersecurity gain momentum, maintainers will be asked to spend more time working on their packages to ensure they meet these new federal and industry software security standards.
We asked maintainers how much time they spent per week maintaining their open source projects. Interestingly, we found a direct correlation between maintainer compensation and the amount of time they spend working on their packages.
For maintainers who consider themselves professionals, earning most or all of their income from maintaining projects, 81% spend more than 20 hours per week on maintenance and 93% spend more than 10 hours a week.
The maintenance time drops significantly for semi-professional maintainers. Only 27% of these maintainers spend more than 20 hours per week, and 51% spend more than 10 hours a week.
The vast majority of unpaid hobbyist maintainers spend 10 or fewer hours a week on their maintenance work. Only 23% of the maintainers who are currently unpaid, but would like to get paid, spend more than 10 hours per week on their maintenance work. And a sliver (6%) of unpaid maintainers who aren’t interested in getting paid spend more than 10 hours per week on this work.
As we contemplate asking maintainers to do more work to keep their packages secure and up to date, this finding provides some of the clearest evidence to date that there is a direct relationship between getting paid and the amount of time maintainers can spend working on open source.
This is not rocket science. Most maintainers are inspired to do their work by the creative challenge of solving a problem or making something that fills an unmet need. They are less likely to be inspired by complying with unfunded mandates or documenting their security practices to meet industry and government standards.
So whereas the initial open source creation process may be fed by curiosity and the desire to take on new challenges, the ongoing maintenance work may require a different, more straightforward reward: money.
We hope you found some useful and actionable information in this blog post. If you’d like to get notified as future posts come out, please sign up for our blog digest here. Or if you don’t want to wait, download the full survey results today and RSVP for the webinar on Thursday, May 18 at 3 p.m. ET, where we’ll be unveiling the top findings from the survey!